Recite

Author: rivradev · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 595
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install recite
Description
AI-powered receipt scanning that renames files by date/vendor, extracts transaction details, and logs them in a dynamic bookkeeping CSV.
Safe-use recommendations
Before installing or running this skill: (1) Understand that receipts (full images/PDFs) are uploaded to a third-party endpoint (recite.rivra.dev). Only proceed if you trust that service and its privacy/security practices. (2) The registry metadata does not list the required RECITE_API_KEY even though both SKILL.md and the script require it — treat the key as mandatory. (3) The SKILL.md promises behavior (reading long_term_memory.md and skipping rows when fields disappear) that the script does not implement; expect the script to write blanks or add new columns rather than skipping entries. (4) Back up your receipt folder before a run (files will be renamed) and test on a small set first. (5) If you need stronger privacy guarantees, request or implement an offline/local OCR alternative instead of sending images to an external API. (6) If you plan to use this skill in production, ask the author for corrected registry metadata, documentation that matches the code, and a privacy/security statement for the recite.rivra.dev endpoint.
Functional analysis
Type: OpenClaw Skill
Name: recite
Version: 1.0.1
The skill's core functionality is benign, but the `process_receipts.py` script contains a path traversal vulnerability. It uses `sys.argv[1]` (target directory) and API-provided `vendor` and `date` fields directly in `os.path.join` and `os.rename` without robust sanitization, potentially allowing files to be renamed or moved to arbitrary locations if malicious input or API responses are provided. Furthermore, `SKILL.md` and `README.md` instruct the AI agent to read `long_term_memory.md` for custom instructions, creating a prompt injection surface against the agent, though the skill itself does not contain malicious instructions in this file.
Capability assessment
Purpose & Capability
The code implements receipt scanning, renaming, and CSV bookkeeping consistent with the skill description. However, the registry metadata declares no required environment variables while the SKILL.md and the script both require a RECITE_API_KEY (or ~/.config/recite/config.json). That missing declaration is an incoherence that could mislead users and automated gating systems.
Instruction Scope
SKILL.md promises the agent will always read the skill's long_term_memory.md and that the agent will 'skip saving' rows when previously-present CSV fields are missing. The script defines a read_ltm() helper but never calls it, so LTM is not actually used. Also, the CSV logic does not 'skip' rows when fields are missing — it writes blanks or expands headers — so the documentation overstates behavior.
Install Mechanism
No install spec or remote downloads; the skill is instruction + a local Python script. That keeps installation risk low (nothing arbitrary is fetched or executed at install time).
Credentials
The script requires a Recite API key (RECITE_API_KEY or ~/.config/recite/config.json) but the registry metadata lists no required credentials. Additionally, the skill sends entire receipt files (base64-encoded) to https://recite.rivra.dev/apiV1/api/v1/scan — a potentially sensitive external endpoint. Requesting an API key for the service you integrate with is expected, but the missing registry declaration and external exfiltration of full images are proportionality/privacy concerns users must be aware of.
Persistence & Privilege
The skill does not request elevated platform privileges or permanent inclusion (always:false). It modifies files in the user-specified target folder (renaming and appending a CSV), which is coherent with its stated purpose. Autonomous invocation is allowed (platform default) but not by itself a new risk here.
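How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install recite
  3. Once installation completes, call the Skill by name or trigger it with /recite
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history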
v1.0.1
ASO update: Enhanced description with receipt/receipts, invoice/invoices, transactions/expenses, tax & accounting keywords.
v1.0.0
Initial release: AI-powered receipt scanning and bookkeeping.
Metadata
Slug recite
Version 1.0.1
License
Total installs 0
Current installs 0
Historical versions 2
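FAQ

What is Recite?

AI-powered receipt scanning that renames files by date/vendor, extracts transaction details, and logs them in a dynamic bookkeeping CSV. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 595 total downloads to date.

How do I install Recite?

Run the command "/install recite" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Recite free?

Yes, Recite is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Recite support?

Recite is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Recite?

Developed and maintained by rivradev (@rivradev); the current version is v1.0.1.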
